kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-20 23:14:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added OIDC draft für wordpress

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-17 11:51:37 +02:00
parent 7d5d69c380
commit 7e24d9b1c3
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
18 changed files with 91 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
group_vars/all/00_general.yml
View File

@ -31,13 +31,13 @@ test_email: "test@{{primary_domain}}"
# Server Tact Variables # Server Tact Variables
## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
hours_server_awake: "0..23" hours_server_awake: "0..23"
## Random delay for systemd timers to avoid peak loads. ## Random delay for systemd timers to avoid peak loads.
randomized_delay_sec: "5min" randomized_delay_sec: "5min"
# Runtime Variables for Process Control # Runtime Variables for Process Control
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
# One Wildcard Certificate for All Subdomains # One Wildcard Certificate for All Subdomains
# Enables a single Let's Encrypt wildcard certificate for all subdomains instead of individual certificates. # Enables a single Let's Encrypt wildcard certificate for all subdomains instead of individual certificates.
@ -47,11 +47,11 @@ activate_all_timers: false # Activates all timers, independen
# To enable, update your inventory file. # To enable, update your inventory file.
# For detailed setup instructions, visit: # For detailed setup instructions, visit:
# https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/nginx-docker-cert-deploy # https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/nginx-docker-cert-deploy
enable_wildcard_certificate: false enable_wildcard_certificate: false
# This enables debugging in ansible and in the apps # This enables debugging in ansible and in the apps
# You SHOULD NOT enable this on production servers # You SHOULD NOT enable this on production servers
enable_debug: false enable_debug: false
######################### #########################
## ENABLED DEFAULTS ## ## ENABLED DEFAULTS ##

12
group_vars/all/07_applications.yml
View File

@ -709,7 +709,7 @@ defaults_applications:
presentation: presentation:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: False # Would mess with the presentation layout css_enabled: False # Would mess with the presentation layout
landingpage_iframe_enabled: False # Makes sense to make the documentary allways in iframe available landingpage_iframe_enabled: True # Makes sense to make the documentary allways in iframe available
# Snipe-IT # Snipe-IT
snipe_it: snipe_it:
@ -770,7 +770,15 @@ defaults_applications:
# May a solution could be to generate a template or css file dedicated # May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it. # for wordpress based on the theming values and import it.
database: database:
central_storage: True # Activate Central Database Storage central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: false # CSS is hard to tweak for wordpress css_enabled: false # CSS is hard to tweak for wordpress
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
oidc:
enabled: true # Activate OIDC
title: "Blog"
credentials:
administrator:
username: "{{users.administrator.username}}" # Username of the wordpress administrator
# password: # Password of the wordpress administrator
email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator

2
roles/docker-discourse/vars/main.yml
View File

@ -1,5 +1,5 @@
application_id: "discourse" application_id: "discourse"
database_password: "{{ applications.discourse.database_password }}" database_password: "{{ applications.discourse.credentials.database.password }}"
database_type: "postgres" database_type: "postgres"
docker_repository_directory : "{{docker_compose.directories.services}}{{applications.discourse.repository}}/" docker_repository_directory : "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml" discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"

2
roles/docker-keycloak/vars/main.yml
View File

@ -1,6 +1,6 @@
application_id: "keycloak" application_id: "keycloak"
database_type: "postgres" database_type: "postgres"
database_password: "{{applications.keycloak.database_password}}" database_password: "{{applications.keycloak.credentials.database.password}}"
container_name: "{{application_id}}_application" container_name: "{{application_id}}_application"
realm: "{{primary_domain}}" # This is the name of the default realm which is used by the applications realm: "{{primary_domain}}" # This is the name of the default realm which is used by the applications
import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host

2
roles/docker-mailu/vars/main.yml
View File

@ -1,5 +1,5 @@
application_id: "mailu" application_id: "mailu"
database_password: "{{applications.mailu.credentials.database_password}}" database_password: "{{applications.mailu.credentials.database.password}}"
database_type: "mariadb" database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/" cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
enable_wildcard_certificate: false enable_wildcard_certificate: false

2
roles/docker-mastodon/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "mastodon" application_id: "mastodon"
database_password: "{{applications.mastodon.credentials.database_password}}" database_password: "{{applications.mastodon.credentials.database.password}}"
database_type: "postgres" database_type: "postgres"

2
roles/docker-matomo/vars/main.yml
View File

@ -1,7 +1,7 @@
--- ---
application_id: "matomo" application_id: "matomo"
database_type: "mariadb" database_type: "mariadb"
database_password: "{{applications.matomo.database_password}}" database_password: "{{applications.matomo.credentials.database.password}}"
# I don't know if this is still necessary # I don't know if this is still necessary
domain: "{{domains.matomo}}" domain: "{{domains.matomo}}"

2
roles/docker-nextcloud/vars/main.yml
View File

@ -3,7 +3,7 @@
application_id: "nextcloud" # Application identifier application_id: "nextcloud" # Application identifier
# Database # Database
database_password: "{{applications.nextcloud.credentials.database_password}}" # Database password database_password: "{{applications.nextcloud.credentials.database.password}}" # Database password
database_type: "mariadb" # Database flavor database_type: "mariadb" # Database flavor
# Networking # Networking

2
roles/docker-openproject/vars/main.yml
View File

@ -1,6 +1,6 @@
application_id: "openproject" application_id: "openproject"
docker_repository_address: "https://github.com/opf/openproject-deploy" docker_repository_address: "https://github.com/opf/openproject-deploy"
database_password: "{{ applications[application_id].credentials.database_password }}" database_password: "{{ applications[application_id].credentials.database.password }}"
database_type: "postgres" database_type: "postgres"
openproject_plugins_service: "{{docker_compose.directories.services}}plugins/" openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"

4
roles/docker-portfolio/templates/footer_menu.yaml.j2
View File

@ -122,9 +122,9 @@
- name: Slides - name: Slides
description: Checkout the presentation description: Checkout the presentation
icon: icon:
class: fas fa-book class: "fas fa-chalkboard-teacher"
url: https://{{domains.presentation}} url: https://{{domains.presentation}}
iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }} iframe: {{ applications | get_landingpage_iframe_enabled('presentation') }}
{% endif %} {% endif %}

2
roles/docker-snipe_it/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "snipe_it" application_id: "snipe_it"
database_password: "{{applications.snipe_it.database_password}}" database_password: "{{applications.snipe_it.credentials.database.password}}"
database_type: "mariadb" database_type: "mariadb"

11
roles/docker-wordpress/files/Dockerfile
View File

@ -1,12 +1,15 @@
FROM wordpress FROM wordpress
# Update and installation of msmtp # Install msmtp and update system
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y msmtp msmtp-mta && \ apt-get install -y msmtp msmtp-mta && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
# Copy the msmtp configuration into the container # Install WP CLI
COPY config/msmtprc.conf /etc/msmtprc RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
chmod +x wp-cli.phar && \
mv wp-cli.phar /usr/local/bin/wp
# Copy the PHP configuration for uploads (and mail settings) # Copy msmtp configuration and PHP upload settings
COPY config/msmtprc.conf /etc/msmtprc
COPY upload.ini $PHP_INI_DIR/conf.d/ COPY upload.ini $PHP_INI_DIR/conf.d/

12
roles/docker-wordpress/tasks/install.yml Normal file
View File

@ -0,0 +1,12 @@
- name: "{{ role_name }} | Run WordPress core install via WP CLI"
command: >
docker-compose exec -T -u www-data application
wp core install
--url="https://{{ domains[application_id][0] }}"
--title="{{ applications[application_id].title }}"
--admin_user="{{ applications[application_id].credentials.administrator.username }}"
--admin_password="{{ applications[application_id].credentials.administrator.password }}"
--admin_email="{{ applications[application_id].credentials.administrator.email }}"
--path="{{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"

19
roles/docker-wordpress/tasks/main.yml
View File

@ -1,9 +1,9 @@
--- ---
- name: "include docker-central-database" - name: "{{ role_name }} | Include docker-central-database"
include_role: include_role:
name: docker-central-database name: docker-central-database
- name: "include role nginx-domain-setup for {{ application_id }}" - name: "{{ role_name }} | Include role nginx-domain-setup for {{ application_id }}"
include_role: include_role:
name: nginx-domain-setup name: nginx-domain-setup
loop: "{{ domains.wordpress }}" loop: "{{ domains.wordpress }}"
@ -13,23 +13,30 @@
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};" nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};"
http_port: "{{ ports.localhost.http[application_id] }}" http_port: "{{ ports.localhost.http[application_id] }}"
- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}" - name: "{{ role_name }} | Transfering upload.ini to {{ docker_compose.directories.instance }}"
template: template:
src: upload.ini.j2 src: upload.ini.j2
dest: "{{ docker_compose.directories.instance }}upload.ini" dest: "{{ docker_compose.directories.instance }}upload.ini"
notify: docker compose project build and setup notify: docker compose project build and setup
- name: "Transfering msmtprc to {{ host_msmtp_conf }}" - name: "{{ role_name }} | Transfering msmtprc to {{ host_msmtp_conf }}"
template: template:
src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2" src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2"
dest: "{{ host_msmtp_conf }}" dest: "{{ host_msmtp_conf }}"
notify: docker compose project build and setup notify: docker compose project build and setup
- name: "Transfering Dockerfile to {{ docker_compose.directories.instance }}" - name: "{{ role_name }} | Transfering Dockerfile to {{ docker_compose.directories.instance }}"
copy: copy:
src: Dockerfile src: Dockerfile
dest: "{{ docker_compose.directories.instance }}Dockerfile" dest: "{{ docker_compose.directories.instance }}Dockerfile"
notify: docker compose project build and setup notify: docker compose project build and setup
- name: "copy docker-compose.yml and env file" - name: "{{ role_name }} | copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml include_tasks: copy-docker-compose-and-env.yml
- name: "{{ role_name }} | Install wordpress"
include_tasks: install.yml
- name: "{{ role_name }} | Activating OIDC when enabled."
include_tasks: oidc.yml
when: applications[application_id].oidc.enabled | bool

16
roles/docker-wordpress/tasks/oidc.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: "{{ role_name }} | Install OpenID Connect Generic Plugin via WP CLI"
command: >
docker-compose exec -u www-data -T application
wp plugin install daggerhart-openid-connect-generic
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: "{{ role_name }} | Activate OpenID Connect Generic Plugin"
command: >
docker-compose exec -u www-data -T application
wp plugin activate daggerhart-openid-connect-generic
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"

4
roles/docker-wordpress/templates/docker-compose.yml.j2
View File

@ -4,14 +4,14 @@ services:
application: application:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: {{custom_wordpress_image}} image: {{wordpress_custom_image}}
container_name: wordpress-application container_name: wordpress-application
build: build:
context: . context: .
ports: ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80" - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
volumes: volumes:
- data:/var/www/html - data:{{ wordpress_docker_html_path }}
{% include 'roles/docker-compose/templates/services/msmtp_curl_test.yml.j2' %} {% include 'roles/docker-compose/templates/services/msmtp_curl_test.yml.j2' %}

11
roles/docker-wordpress/templates/env.j2
View File

@ -2,3 +2,14 @@ WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}"
WORDPRESS_DB_USER= "{{database_username}}" WORDPRESS_DB_USER= "{{database_username}}"
WORDPRESS_DB_PASSWORD= "{{database_password}}" WORDPRESS_DB_PASSWORD= "{{database_password}}"
WORDPRESS_DB_NAME= "{{database_name}}" WORDPRESS_DB_NAME= "{{database_name}}"
{% if applications[application_id].oidc.enabled | bool %}
# OIDC Configuration (loaded if OIDC is enabled)
# @see https://github.com/oidc-wp/openid-connect-generic/blob/develop/includes/openid-connect-generic-option-settings.php
OIDC_CLIENT_ID={{ oidc.client.id }}
OIDC_CLIENT_SECRET={{ oidc.client.secret }}
OIDC_ENDPOINT_LOGOUT_URL={{ oidc.client.logout_url }}
OIDC_ENDPOINT_LOGIN_URL={{ oidc.client.authorize_url }}
OIDC_ENDPOINT_TOKEN_URL={{ oidc.client.token_url }}
OIDC_ENDPOINT_USERINFO_URL={{ oidc.client.user_info_url }}
{% endif %}

5
roles/docker-wordpress/vars/main.yml
View File

@ -1,6 +1,7 @@
application_id: "wordpress" application_id: "wordpress"
wordpress_max_upload_size: "64M" wordpress_max_upload_size: "64M"
database_type: "mariadb" database_type: "mariadb"
database_password: "{{wordpress_database_password}}" database_password: "{{applications[application_id].credentials.database.password}}"
custom_wordpress_image: "custom_wordpress" wordpress_custom_image: "wordpress_custom"
wordpress_docker_html_path: "/var/www/html"
host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf" host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf"